• DPMC Moderators: thegreenhand | tryptakid
  • Drug Policy & Media Coverage Welcome Guest
    View threads about
    Posting Rules Bluelight Rules
    Drug Busts Megathread Video Megathread

NSA and GCHQ target Tor network that protects anonymity of web users

StoneHappyMonday

StoneHappyMonday

Bluelighter
Joined
May 10, 2001
Messages
18,084
http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption

The National Security Agency has made repeated attempts to develop attacks against people using Tor, a popular tool designed to protect online anonymity, despite the fact the software is primarily funded and promoted by the US government itself.

Top-secret NSA documents, disclosed by whistleblower Edward Snowden, reveal that the agency's current successes against Tor rely on identifying users and then attacking vulnerable software on their computers. One technique developed by the agency targeted the Firefox web browser used with Tor, giving the agency full control over targets' computers, including access to files, all keystrokes and all online activity.

But the documents suggest that the fundamental security of the Tor service remains intact. One top-secret presentation, titled 'Tor Stinks', states: "We will never be able to de-anonymize all Tor users all the time." It continues: "With manual analysis we can de-anonymize a very small fraction of Tor users," and says the agency has had "no success de-anonymizing a user in response" to a specific request.

Another top-secret presentation calls Tor "the king of high-secure, low-latency internet anonymity".

Tor – which stands for The Onion Router – is an open-source public project that bounces its users' internet traffic through several other computers, which it calls "relays" or "nodes", to keep it anonymous and avoid online censorship tools.

It is relied upon by journalists, activists and campaigners in the US and Europe as well as in China, Iran and Syria, to maintain the privacy of their communications and avoid reprisals from government. To this end, it receives around 60% of its funding from the US government, primarily the State Department and the Department of Defense – which houses the NSA. (continues, click the link)
Click to expand...

...
 
Edward snowden really is a hero. This shit is crazy.
 
Not really about drugs, so I wrote about it in CE&P NSA thread (didn't know it was posted here). I didn't find any clue in the article how to protect yourself from these attacks.
 
^ I believe the attack they are talking about utilised an exploit in an older version of firefox, using the latest version and disabling flash and Java prevented it I heard.
 
Why not use another web browser specifically for dark net transactions, such as Opera, or Chrome?
 
Opera and Chrome are Closed Source - meaning you cannot see the code. Meaning the first line could be /* LAW ENFORCEMENT BACKDOOR - LEAVE IN PLACE */

Firefox is open source, everyone can see the source code to make sure this doesn't happen.
 
I beleive it was a javascript (which Flash can also execute) exploit (completely different to Java) that was exploited, but I stopped following a career in computer security years ago, so I may be wrong.
 
Last edited:
^ Your career has no bearing on how the exploit works, but fyi it was a javascript exploit they used. Tor is still quite secure. :)
 
Newbierock said:
^ Your career has no bearing on how the exploit works, but fyi it was a javascript exploit they used. Tor is still quite secure. :)
Click to expand...
what makes you so sure? LE recently brought down about 50% of onion sites. how do you know they don't having other 0days in the wild, targeting people as we speak?

the presentatio leaked by ES ("tor stinks") hints at the possibility they're still having problems, but i find it pretty hard to evaluate how accurate and how recent that information is.

how do you know they're not controlling a majority of exit nodes?
 
LE recently brought down Freedom Hosting - not TOR. Freedom Hosting, from what I understand, hosted 50% * according to you, I really don't know, but I would imagine that by getting Freedom Hosting, a few people in interrogation rooms scared shitless and offered deals would have spilled lots of beans without much intimidation needed.

FH was a massive bust. The emails alone on Tormail, well. It was hugely significant for LE.

This is all old fashioned police work, at least they're doing the job they're paid to do. And I have no sympathy for SOME of the people they caught along with that, but drugs, IMO, should not fall into the same category, be lumped in with terrible crimes which most people would be against, but the fact is they are.

If you support DPR, you are supporting words I don't feel comfortable repeating. From what I understand, the host was a freedom of speech host. He hosted anything. I disagreed strongly with a lot that he hosted, but I agreed with his explanation.

There is no black and white. Except for the drug war. It is a failure and needs to be stopped.
 
Sandy, do you live on a beach? I wondered by your username. You registered this month, ask a lot of questions about controversial subjects and, well, I'll be honest because I've had a dozen beers and a lot of benzodiazipines, how did you find this site and why are you so interested all of a sudden?

Oh, before you ask, I have nobody to "hit" so don't start that line of inquiry.

It seems every hit man I've ever heard of is a fucking pig.
 
Fuck I love your posts opi8, never a dull moment and often very informative, I also get a laugh quite often (like now). :)

I know what you mean about under covers being hit men, you hear about it so often it is fucking crazy. It's like do they have a branch of coppers that just go out pretending to be hit men in the hopes people are dumb enough to ask them? I suppose that wouldn't be half as crazy as it sounds, I couldn't count how many stories I have read in the paper over the years where some idiot got busted trying to pay a cop to hit his wife or whatever.
 
Funnily enough, they still cant crack TOR. As they have admitted, all previous cases against users have been through different users,,, I cant say it wont be cracked (I think it will easily), the gov are just not as thick (have more res) than a lot of us think they do... ;)
 
Mendo_K said:
Funnily enough, they still cant crack TOR. As they have admitted, all previous cases against users have been through different users,,, I cant say it wont be cracked (I think it will easily), the gov are just not as thick (have more res) than a lot of us think they do... ;)
Click to expand...

That's the bit I find rather funny, when SR carced it a whole load of people were going 'hurrr I knew TOR wasn't safe, lol silly people believing they could use the internet anonymously,' but the shutdown had nothing to do with TOR being cracked or broken and everything to do with everyday human error. Not saying TOR can't/won't be cracked, but going by my limited understanding, it hasn't so far.
 
They are getting help though, they are using all these kids that they arrested from the hacking groups Anonymous, Lulszec etc

Whats funny is the court case of the Lulzsec hacker "Sabu" who has turned into an FBI Informant has been pushed back again after the recent bust of Silk Roads owner DPR....

The Federal Agent who caught Sabu and turned him... is also one of the main agents who worked on the Silk Road case...
 
I read somewhere today that Sabu may have been "Agent 1". There's no proof, but it would be interesting if true.
 
^ sounds plausible, but then so does david icke for the first few minutes, then he gets on to the alien lizard people.
 
webbykevin said:
^ sounds plausible, but then so does david icke for the first few minutes, then he gets on to the alien lizard people.
Click to expand...
All of this is OT and should really be binned and maybe you just wanted to make a joke but I'll bite anyway. It kinda pisses me off that people take post count and registration date as a sign of credibility. In my view, it helps you little more than to rule out that someone is a troll or spammer. But every post should be judged on its merit. You can be around a forum long enough and still post stuff that's hardly insightful. And there are n00bs which make solid first poasts, second poasts, and so on.
 
You must log in or register to reply here.
Top